mgmresorts-okta.com
Open in
urlscan Pro
45.32.129.145
Malicious Activity!
Public Scan
Effective URL: https://mgmresorts-okta.com/
Submission: On August 06 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 4th 2022. Valid for: 3 months.
This is the only time mgmresorts-okta.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: MGM Resorts (Hospitality)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 45.32.129.145 45.32.129.145 | 20473 (AS-CHOOPA) (AS-CHOOPA) | |
7 | 18.66.122.82 18.66.122.82 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 13.248.168.94 13.248.168.94 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 108.138.7.107 108.138.7.107 | 16509 (AMAZON-02) (AMAZON-02) | |
11 | 5 |
ASN20473 (AS-CHOOPA, US)
PTR: 45.32.129.145.vultrusercontent.com
mgmresorts-okta.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-82.fra60.r.cloudfront.net
ok3static.oktacdn.com |
ASN16509 (AMAZON-02, US)
PTR: a1aa626c4e9a25e01.awsglobalaccelerator.com
mgmresorts.okta.com |
ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-107.fra56.r.cloudfront.net
login.okta.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
oktacdn.com
ok3static.oktacdn.com — Cisco Umbrella Rank: 35306 |
785 KB |
3 |
okta.com
mgmresorts.okta.com login.okta.com — Cisco Umbrella Rank: 6368 |
99 KB |
2 |
mgmresorts-okta.com
1 redirects
mgmresorts-okta.com |
7 KB |
11 | 3 |
Domain | Requested by | |
---|---|---|
7 | ok3static.oktacdn.com |
mgmresorts-okta.com
ok3static.oktacdn.com |
2 | login.okta.com |
mgmresorts-okta.com
login.okta.com |
2 | mgmresorts-okta.com | 1 redirects |
1 | mgmresorts.okta.com |
mgmresorts-okta.com
|
11 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
mgmresorts.service-now.com |
mgmresorts.okta.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
mgmresorts-okta.com R3 |
2022-08-04 - 2022-11-02 |
3 months | crt.sh |
*.oktacdn.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-22 - 2023-01-22 |
a year | crt.sh |
*.okta.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-04-07 - 2023-04-07 |
a year | crt.sh |
accounts.okta.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-07-13 - 2023-07-25 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://mgmresorts-okta.com/
Frame ID: 16435E2A22D383EB7F714277669949D2
Requests: 10 HTTP requests in this frame
Frame:
https://login.okta.com/discovery/iframe.html
Frame ID: 88CC6B6F56E069F933846FD5CD4D40C7
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
MGM Resorts - Prod - Sign InPage URL History Show full URLs
-
http://mgmresorts-okta.com/
HTTP 302
https://mgmresorts-okta.com/ Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Servicenow Password Reset
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://mgmresorts-okta.com/
HTTP 302
https://mgmresorts-okta.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
mgmresorts-okta.com/ Redirect Chain
|
20 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.js
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/js/ |
2 MB 488 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
okta-sign-in.min.css
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/css/ |
218 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginpage-theme.6ca7f7a516a56275837982a82a0a7533.css
ok3static.oktacdn.com/assets/loginpage/css/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-sheet
mgmresorts.okta.com/api/internal/brand/theme/ |
556 B 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs08iz3etmGQTYQRGEXR
ok3static.oktacdn.com/fs/bco/1/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iframe.html
login.okta.com/discovery/ Frame 88CC |
546 B 986 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fs01b59vhtyLn6peC1d8
ok3static.oktacdn.com/fs/bco/7/ |
204 KB 205 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
318 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-light-webfont.woff
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
montserrat-regular-webfont.woff
ok3static.oktacdn.com/assets/js/sdk/okta-signin-widget/6.5.0/font/ |
21 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
discoveryIframe-82e613074a3700abe11a.min.js
login.okta.com/lib/ Frame 88CC |
96 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: MGM Resorts (Hospitality)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| regeneratorRuntime function| setImmediate function| clearImmediate function| jQueryCourage object| u2f function| OktaSignIn function| runLoginPage1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mgmresorts-okta.com/ | Name: session Value: eyJwYXRoIjoiLyJ9.Yu4gVQ.hp4zF5ga1XIT_P_h7PoIR-AN0ZI |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.okta.com
mgmresorts-okta.com
mgmresorts.okta.com
ok3static.oktacdn.com
108.138.7.107
13.248.168.94
18.66.122.82
45.32.129.145
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
2635046d09ef0374ef304162e727ea5639b46e6ed9daaadc0f06b692e872d160
275808002d37771e00fc126cd4c7ffd593c773c4cf7aebf81a2192292917455c
3ba73f75360efd1e119b4be51ab2d2b78eefe1a3474f8fb0608f7b876194a17d
4f09d6baba302138f3b0180caa5e8c39b8be9310d000e7d03e20cb8328c1b0ec
7b3f073865815118149ad5b7fdb7febf99e982e91f8bc77f8b487833e4fb2fc4
9af30b5e4695010f9be253f861784e638c81274ca0390214629886029ca9b509
c71558cf94e0875c93b552d52dd5974ae4697ba14e5a8d7c3694247a291ca9b8
cbcdc1aae2fb087060f74c839b693796e90f45a98d1ae9f0fed80e695054301d
e899060d294cd2e7db4544c88c031272590fe5f9b72a8334dc42ee1f1868ce6a
fb1d07ab6c54c7380a93a507b48bc5ba0aee77ca32b7d4c57c38f007857a6fd1
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace